1: <?php
2: /*****************************************************************************************
3: * X2Engine Open Source Edition is a customer relationship management program developed by
4: * X2Engine, Inc. Copyright (C) 2011-2016 X2Engine Inc.
5: *
6: * This program is free software; you can redistribute it and/or modify it under
7: * the terms of the GNU Affero General Public License version 3 as published by the
8: * Free Software Foundation with the addition of the following permission added
9: * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10: * IN WHICH THE COPYRIGHT IS OWNED BY X2ENGINE, X2ENGINE DISCLAIMS THE WARRANTY
11: * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12: *
13: * This program is distributed in the hope that it will be useful, but WITHOUT
14: * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15: * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
16: * details.
17: *
18: * You should have received a copy of the GNU Affero General Public License along with
19: * this program; if not, see http://www.gnu.org/licenses or write to the Free
20: * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21: * 02110-1301 USA.
22: *
23: * You can contact X2Engine, Inc. P.O. Box 66752, Scotts Valley,
24: * California 95067, USA. or at email address contact@x2engine.com.
25: *
26: * The interactive user interfaces in modified source and object code versions
27: * of this program must display Appropriate Legal Notices, as required under
28: * Section 5 of the GNU Affero General Public License version 3.
29: *
30: * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31: * these Appropriate Legal Notices must retain the display of the "Powered by
32: * X2Engine" logo. If the display of the logo is not reasonably feasible for
33: * technical reasons, the Appropriate Legal Notices must display the words
34: * "Powered by X2Engine".
35: *****************************************************************************************/
36:
37:
class X2HttpRequest extends CHttpRequest {

    /**
     * Path-info patterns (PCRE) for which CSRF token validation is skipped.
     *
     * Each pattern here switches off the framework's CSRF check for the routes it
     * matches, so every listed route must rely on its own authentication and
     * authorization rather than on the session CSRF token. Patterns are matched
     * against $this->pathInfo exactly as given: they are anchored and
     * case-sensitive, and '/^api2?\//' matches any path below "api/" or "api2/".
     */
    private $csrfValidationWhitelist = array (
        '/^api2?\//', // allow all api requests
        '/^contacts\/weblead$/', // allow web form requests
        '/^services\/webForm$/', // allow web form requests
    );

    /**
     * Override parent method to prevent csrf token validation during whitelisted requests
     *
     * @param CEvent $event the event handed over by the parent request handler
     * @return mixed null (validation skipped) when the current pathInfo matches a
     *   whitelisted pattern, otherwise whatever the parent validation returns
     */
    public function validateCsrfToken ($event) {
        if ($this->isCsrfWhitelisted ($this->pathInfo)) {
            return;
        }
        return parent::validateCsrfToken ($event);
    }

    /**
     * Whether $path matches at least one entry of the CSRF whitelist.
     *
     * @param string $path request path info to test against the patterns
     * @return bool true on the first matching pattern, false when none match
     */
    private function isCsrfWhitelisted ($path) {
        foreach ($this->csrfValidationWhitelist as $pattern) {
            if (preg_match ($pattern, $path)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Redirects the browser, carrying the mobile-app marker parameters along.
     *
     * When the application reports a mobile-app request, the "x2ajax" and
     * "isMobileApp" query parameters of the current request are copied verbatim
     * from $_GET onto $url through UrlUtil::mergeParams before the parent
     * redirect is issued.
     * NOTE(review): whether mergeParams URL-encodes these values and how it
     * treats array-shaped $_GET entries is not visible here — confirm.
     *
     * @param string $url URL to redirect to
     * @param bool $terminate whether to terminate the application after redirecting
     * @param int $statusCode HTTP status code of the redirect, 302 by default
     * @return mixed result of the parent redirect
     */
    public function redirect($url,$terminate=true,$statusCode=302) {
        if (Yii::app()->isMobileApp ()) {
            $forwarded = array ();
            // Order matters only for the resulting query string; keep x2ajax first.
            foreach (array ('x2ajax', 'isMobileApp') as $name) {
                if (isset ($_GET[$name])) {
                    $forwarded[$name] = $_GET[$name];
                }
            }
            $url = UrlUtil::mergeParams ($url, $forwarded);
        }
        return parent::redirect ($url, $terminate, $statusCode);
    }

}
72:
73: ?>
74: